[pacman-dev] [PATCH v3 1/2] makepkg: Add support for verifying pgp signatures
Allan McRae
allan at archlinux.org
Thu Jul 7 02:23:51 EDT 2011
On 06/07/11 21:02, Wieland Hoffmann wrote:
> Many projects provide signature files along with the source code
> archives. It's good to check these, too, when verifying the integrity
> of source code archives.
> Not everybody is using gpg so the verification can be disabled with
> --skippgpcheck.
> Additionally, only a warning is displayed when the key that signed the
> source file is unknown.
> ---
Signed-off-by: Allan
Applied to my working branch with the minor changes mentioned below.
<snip>
> +check_pgpsigs() {
> + (( SKIPPGPCHECK ))&& return 0
> + (( ! ${#source[@]} ))&& return 0
> + [[ ! source_has_signatures ]]&& return 0
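Review bot: The third guard, `[[ ! source_has_signatures ]]`, does not call anything: inside `[[ ]]` the bare word is a non-empty string, so the negated test is always false and this line never returns early. If source_has_signatures is meant to run as a command, as the other two guards suggest, write it as `source_has_signatures || return 0` so its exit status decides whether to skip the check.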
The ${#source[@]} size check is not needed given it is covered by the
source_has_signatures anyway.
<snip>
> +
> + if ! gpg --quiet --batch --status-file "$statusfile" --verify "$file" "$sourcefile" 2> /dev/null; then
> + if grep "NO_PUBKEY" "$statusfile"> /dev/null; then
> + echo "$(gettext "Warning: Unknown public key") $(awk '/NO_PUBKEY/ {print $3}' $statusfile)">&2
> + warnings=1
> + else
> + echo "$(gettext "FAILED")">&2
> + errors=1
> + fi
> + else
> + if grep "REVKEYSIG" "$statusfile"> /dev/null; then
> + errors=1
> + echo "$(gettext "Passed")" "-" "$(gettext "Warning: the key has been revoked.")">&2
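Review bot: In the REVKEYSIG branch the message begins with "Passed" while the same branch sets errors=1, so the output reports a pass for a source that is counted as a failure; word the message as a failure, or drop "Passed" and keep only the revoked-key text. Separately, on the NO_PUBKEY warning line `$statusfile` is passed to awk unquoted although it is quoted in the gpg and grep calls in this hunk; quote it there too so a path containing whitespace does not split.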
Just a style consistency change to have the message above the errors=1.
Allan